Employee Security Awareness - WECC Security Awareness
TRANSCRIPT
Slide 1: Employee Security Awareness
Tuesday, April 9, 2019
Louis Stramaglio, IT Ops Supervisor
Slide 2: Are You Vulnerable?
• What is the greatest vulnerability in your organization?
  o Electronic Security Perimeter
  o IT Network
  o OT Network
  o Permissions
  o Physical Security
Slide 3: YES!
• Employees
• End users
• Clients
• Customers
• Contractors
Slide 4: Question
Does your company have an Employee Security Awareness Program?
Slide 5: IT Security Program
• Understand and comply with company security policies and procedures
• Be appropriately trained in the rules of behavior for the systems and applications to which they have access
• Work with management to meet training needs
• Keep end users aware of actions they can take to better protect their company’s information
Slide 6: Security Program Contents
1. Security Policies
   • Designed to protect the data
   • Business needs
   • Known risks
2. Define responsibilities
   • Who is responsible
   • Staff responsibilities
   • IT/Security responsibilities
3. Establish Processes
   • Monitor the program
   • Review results
   • IRP (Incident Response Plan)
Slide 7: Question
Do you believe your current Employee Security Awareness Program has Management Buy-in?
Slide 8: Management Buy-in
• Support
• Budget
• Reporting
• Feedback
Slide 9: What is Awareness?
• Not training
• Addresses concepts and behaviors
• Terminology
• Informational
Slide 10: Best Asset/Biggest Vulnerability
Slide 11: Create the Awareness Plan
• Strategy and Plan
• Feedback from key groups
• Assess current materials
• Create a baseline
• Review current metrics
• Analysis of findings and recommendations
• Current trends
• Prioritize
• Schedule, but remain flexible
• Make it “So, Number One”
Slide 12: Ransomware
Slide 13: We Are Done, Right?
[Diagram: Awareness]
Slide 14: We Are Done, Right?
Slide 15: Who Needs Training?
[Diagram: Awareness, Training]
• End users
• IT
• Executives
• Everyone
• Training everyone equally doesn’t always mean training everyone the same way.
• Stay flexible
Slide 16: Where Does Training Come From?
• In-house
• LMS
• Outsource
Slide 17: NOW We Are Done, Right?
Slide 18: Why Test Me?
[Diagram: Awareness, Training, Testing & Education]
• Measure your success
• Report your success to management
• Remember, stay flexible
• Prioritize weak points, add new content
• Continue the cycle
Slide 19: Participant Challenge
1. Obtain Management buy-in
2. Create your awareness plan based on your IT Security Program
3. Generate a security baseline and prioritize
4. Train everyone
5. Test everyone
6. Stay flexible and prioritize
Slide 20: Contact
Lou Stramaglio, IT Ops Supervisor, [email protected]